We are setting up the Ubuntu OVA and the current documentation still seems to only show the required URLs and ports for the old CentOS/RHEL versions. Could anyone validate if these are the only required URL’s to set up the orchestrator?
Port TCP 443
Protocol HTTPS
URLs
http://us.archive.ubuntu.com/ubuntu/
http://security.ubuntu.com/ubuntu/
http://archive.ubuntu.com/ubuntu/
https://packagecloud.io/rapid7/insightconnect_stable/ubuntu/
https://ppa.launchpadcontent.net/ansible/ansible/ubuntu/
https://download.docker.com/linux/ubuntu
{region}.api.connect.insight.rapid7.com
{region}.plugins.connect.insight.rapid7.com
I have decided to open a support case since there is not a response here yet. If I get validation I will post a reply. I have also informed support the KB’s are dated as well in hopes they will address that.
I was unable to get the Knowledgebase updated by Rapid7, I am still working on it with their team. That being said, here’s the list of URLs we had to whitelist on our firewall to allow outbound communication. Note Ubuntu repo’s use port 80, all others use 443, this is denoted with HTTP and HTTPS
http://us.archive.ubuntu.com/ubuntu/
http://security.ubuntu.com/ubuntu/
http://archive.ubuntu.com/ubuntu/
https://packagecloud.io/rapid7/insightconnect_stable/ubuntu/
https://ppa.launchpadcontent.net/ansible/ansible/ubuntu/
https://download.docker.com/linux/ubuntu
https://{region}.api.connect.insight.rapid7.com
https://{region}.plugins.connect.insight.rapid7.com
https://d3fo0g5hm7lbuv.cloudfront.net
The cloudfront URL is a requirement documented by Package Cloud’s knowledge base thats not listed in Rapid7’s: https://packagecloud.io/docs/security